UN humanitarian organizations targeted for cyber espionage

Active since March 2019, according to researchers from Lookout Phishing AI, a phishing campaign targets the United Nations and various of its humanitarian programs and organizations. The goal of attackers is to steal login credentials (usernames and passwords).

Lookout cites the example of a phishing site faithfully mimicking the Office 365 access page for employees of the International Federation of Red Cross and Red Crescent Societies. If for a dozen phishing sites the SSL certificates have expired, six are still valid.

The cybersecurity specialist for mobile devices highlights the presence of JavaScript code to detect if the page is loaded on a mobile device. A keystroke logger allows real-time cyber espionage, not just when credentials have been submitted.

Lookout-Phishing-AI-onu

" Mobile web browsers also unintentionally help hide phishing URLs by truncating them, making it harder for victims to discover the deception "writes Lookout for whom phishing attacks have evolved and are now targeting mobile devices.

For the hosting of the infrastructure of the cyber espionage campaign, a Lookout researcher is mentioned by a company based in Malaysia which ensures anonymity with payments in cryptocurrencies.